초록

Resisting distributed denial of service (DDoS) attacks become more challenging with the availability of resources and techniques to attackers. The application-layer-based DDoS attacks utilize legitimate HTTP requests to overwhelm victim resources are more undetectable and are protocol compliant and non-intrusive. Focusing on the detection for application layer DDoS attacks, the existing scheme provide an access matrix which capture the spatial-temporal patterns of a normal flash crowd on non stationary object. The access matrix captures the spatial-temporal patterns of the normal flash crowd and the anomaly detector based on hidden Markov model (HMM) described the dynamics of Access Matrix (AM) to detect the application DDoS attacks. However current application layer attacks have high influence on the stationary object as well. In addition the detection threshold for non stationary object should be reevaluated to improve the performance of false positive rate and detection rate of the DDoS attacks.